Scenario: We have an application server (IIS 7.0, Windows 2008 R2) and a separate database server (SQL 2008) for both our test and production environments (so 4 servers total). Our application server is hosting our custom ASP.NET 4.0 applications. We use Windows Authentication and Impersonation. We have also implemented the "double hop" and everything has been working fine. We have 4 applications in production and they were all working on Friday.

Problem: Came into work today and we are experiencing Active Directory issues. One of the applications isn't picking up the person's name from Page.User.Identity, but that's another issue. Out of the 4 websites, two are working perfectly; one has the issue I just mentioned but works for certain people at certain times (really random). The other application, however, is giving me "The trust relationship between the primary domain and the trusted domain failed." whenever I (or anyone) goes to it. It works in test but not production. And I cannot reproduce the problem on my machine. The only thing different about these applications that I can see is that this one is using a sitemap when the rest are not. The sitemap is being used for the menu on the left of the screen.

On Friday I was attempting to see how the application would handle a user from a different domain, and some of the test servers' ports were opened to allow access to the other domain controllers. We have two domains here, so the application will need to work for both users. The changes were only made to test, not production.

I got our network admin to check if anything was being blocked when I went to the site, and we weren't able to see anything being blocked. I am on the same domain as the servers, and the application and database servers are on the same domain. I am running out of things to try... The server says it needs to be restarted to apply an update; you think that could be affecting it? The applications have been working perfectly for the last month or so and nothing has changed on the server.

Thanks in advance.

EDIT: The issue is "fixed" right now on production. I removed the security trimming on the sitemap and removed the roles associated to it and the problem went away. I say "fixed" because luckily only one AD group needs to use this application. However I am currently working on another application that will need to use security trimming to only show certain menu options to certain groups.

I suspect that when you try to log on as a user from another domain, the user will try to use a referral ticket from his own home domain to access the application. If there is no AD Domain Trust between the two domains, it will spew out this error when trying to assess whether nodes in the sitemap should be filtered or not.
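
An added example, not code from either poster: a site map provider that keeps security trimming enabled but fails closed when a role lookup throws, and logs which role on the node could not be resolved. The class name `FailClosedSiteMapProvider` is hypothetical, and the example assumes the lookup failure surfaces as a `SystemException` carrying the message quoted in the question.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;
using System.Web;

// Hypothetical class name (not from the thread). Register it as the site map
// provider in web.config with securityTrimmingEnabled="true".
public class FailClosedSiteMapProvider : XmlSiteMapProvider
{
    public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
    {
        if (context == null) throw new ArgumentNullException("context");
        if (node == null) throw new ArgumentNullException("node");
        try
        {
            // Stock trimming logic: role match first, then URL/file authorization.
            return base.IsAccessibleToUser(context, node);
        }
        catch (SystemException ex)
        {
            // Assumption: the failed role lookup surfaces as SystemException
            // with the "trust relationship" message quoted in the question.
            LogFailingRoles(context.User, node, ex);
            return false; // fail closed: hide the node instead of erroring the page
        }
    }

    // Probe each role on the node separately so the log names the group whose
    // lookup fails, rather than only the page that broke.
    private static void LogFailingRoles(IPrincipal user, SiteMapNode node, Exception original)
    {
        Trace.TraceWarning("Site map trimming failed for node '{0}': {1}",
            node.Title, original.Message);
        if (user == null || node.Roles == null) return;

        foreach (object entry in node.Roles)
        {
            string role = entry as string;
            if (role == null || role == "*") continue;
            try { user.IsInRole(role); }
            catch (SystemException ex)
            {
                Trace.TraceWarning("Role '{0}' could not be resolved for '{1}': {2}",
                    role, user.Identity.Name, ex.Message);
            }
        }
    }
}
```

Hiding the node on failure keeps the menu rendering without granting access the role check could not confirm; the trace output shows which role entry in the sitemap to review against the domain trust configuration.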